Software engineer Dmitry Sazonov has been arrested for trying to steal software code from his employers. The charge alleges that Sazonov attempted to steal the code to a financial services trading platform. According to Forbes, Sazonov was employed by Susquehanna International Group. After his supervisor resigned in February, Sazonov thought he might lose his job. As a result, he decided to steal the software he had been working on.
Acting U.S. Attorney Joon H. Kim said: “As alleged, Dmitry Sazonov attempted to steal valuable proprietary computer code that took his employer years to develop. Sazonov allegedly took elaborate steps to conceal his attempted theft, including camouflaging pieces of source code within harmless-looking draft emails on his work computer. Thanks to the FBI, Sazonov has been stopped and is now in custody.”
How was Dmitry Sazonov caught?
After his supervisor was dismissed, Sazonov spent time searching the Internet for information on steganography. This is a technique used to hide information inside other files. He also carried out a number of job searches through his work computer. It is not known if either or both of these actions triggered an alert with the IT security team. What is known is that when he met with his new supervisor he was immediately dismissed. As part of the company policy he was not allowed to return to his desk and was escorted off the premises immediately.
It turns out that Sazonov had downloaded all the source code and put it into a PDF file. He then downloaded a steganography programme from the Internet. He broke up the PDF with the source code and distributed it across emails and other files on his computer. For some reason, despite having all the data ready to email to himself, Sazonov didn’t send the emails before the meeting. As a result he was unable to retrieve the data.
Once escorted off the premises, Sazonov made repeated attempts to retrieve the files with the hidden source code. This may also have acted as a trigger for more detailed investigation of the files and uncovered the stolen code. Eventually the company, helped by the FBI, setup a meeting with him to hand over the files. As soon as Sazonov had the files he was arrested.
A decade in prison and US $250,000 fine
According to the press release, Sazonov has been charged with: “one count of attempted theft of trade secrets, which carries a maximum sentence of 10 years in prison and a maximum fine of $250,000 or twice the gross gain or loss from the offense.” These are the maximum penalties for this case and it may be that Sazonov gets off with less.
Until the case is heard in court it is hard to know exactly what tipped off the company about Sazonov’s plans. It could have been his browsing history, the downloading of all the source code or the downloading of the steganography enabling programme. All of these are activities that modern security systems monitor.
It is also likely that his behaviour and computer usage changed during the time he was planning the crime. This is also something that AI and cognitive security systems would have spotted. There is also his behaviour and continued attempts to recover the files. While it is not uncommon for people to store personal data on work machines, anyone leaving a company has to expect that those files will be opened and examined.
We will have to wait for the details of the case to come out in court to know exactly what was Sazonov’s downfall. For now, it is one in the win column for IT security.